Security Compliance Manager

Successful business relationships are built on trust and shared values – this is an opportunity to join the team that programmatically helps Microsoft suppliers understand our values and data protection expectations. We hold suppliers to a set of privacy and security standards that consider cybersecurity risk, regulatory obligations, and personal data rights so that our customers can use our products and services with confidence.

The Microsoft Supplier Security and Privacy Assurance (SSPA) program is a corporate control that sets privacy and security requirements for our global suppliers and drives compliance to these baseline standards. This is an opportunity to bring your security thought leadership to interactions with suppliers and security colleagues so that you can integrate improved mitigating security controls to reduce risk to the company.

The Security Compliance Manager will build requirements and also help supplier meet these standards by supporting security compliance escalations. This role is for a skilled communicator, able to hold discussions with security supplier leaders while taking a security position with confidence, explaining it in clear terms, and having difficult conversations with ease!  This role will encounter an interesting and diverse breadth of supplier use case scenarios and will inevitably be at the forefront of security implications of how suppliers use AI Technologies.

This is a security compliance role, integral to an assurance program - this is not an investigations role, our focus is to prevent the worst outcomes to the extent possible. 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.  

Responsibilities

• Embrace the accountability to mitigate and solve security escalations securing optimal outcomes for Microsoft working with Procurement and Security colleagues, suppliers and business owners. A security escalation may result from compliance processes or incident management.
• Uphold program integrity and standards as a compliance manager, apply security principles to a multitude of supplier use case scenarios to protect the company.
• Provide quality customer service to Microsoft business owners, risk communities and Procurement.
• Proactively build relationships with security colleagues to continually learn the current threat landscape to drive changes that reduce supplier risk.
• Participate in Procurement efforts to streamline the end to end buying process providing your security by design voice to discussions.
• Continually evaluate existing and emerging regulatory requirements related to security and highlight resulting change recommendations.
• Help build and drive critical projects that scale across diverse use of suppliers scenarios.
• Embody our culture and values.

Qualifications

Required Qualifications 

• Bachelor's Degree in Science, Business, Engineering, or related field AND 6+ years experience in business, legal/regulatory, compliance, audit/consulting firm 
  • OR equivalent experience. 

Preferred Qualifications 

• Bachelor's Degree in Science, Business, Engineering, or related field AND 12+ years experience in business, legal/regulatory, compliance, audit/consulting firm  
  • OR Master's Degree in Science, Business, Engineering, or related field AND 8+ years experience in business, legal/regulatory, compliance, audit/consulting firm 
  • OR Juris Doctor (JD) Degree AND 7+ years experience in business, legal/regulatory, compliance, audit/consulting firm 
  • OR equivalent experience. 
• Relevant Certification (e.g., International Organization for Standardization [ISO] Lead Auditor, International Association of Privacy Professionals [IAPP], Certified Public Accountant [CPA], Certified Information Privacy Professional [CIPP]).
• Demonstrates Microsoft values every day – respect, integrity and accountability.
• Champions automation to reduce cost and increase security readiness across a large portfolio.
• Is interested in industry trends, a consummate learner.
• Relishes the opportunity to engage broadly across Microsoft.
• Stay current on threat landscape and industry trends
• Experience in software development lifecycle practices.

Compliance IC5 - The typical base pay range for this role across the U.S. is USD $115,000 - $200,300 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $146,200 - $219,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until February 13, 2025.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.